Insecure storage in keychain

The keychain is a secure storage location in iOS where data is encrypted and tied to the locking and unlocking of the device. The keychain database is stored in encrypted form, and the encryption uses a unique hardware-specific key. That hardware key is kept in a secure location and can't be extracted from the device. Keychain items are classified into five classes, as follows:

  • Generic passwords (kSecClassGenericPassword)
  • Internet passwords (kSecClassInternetPassword)
  • Certificates (kSecClassCertificate)
  • Keys (kSecClassKey)
  • Digital identities (kSecClassIdentity, identity = certificate + key)

iOS implements a data protection mechanism in which a keychain holding sensitive data is protected with another ...
